SSH proxy: allow using a bare hostname without root@

Otherwise we can't connect to the proxy as the local user and we can't use ~/.ssh/config to set User directives. Defaulting to root@ is hard to deprecate without introducing new config. A clean break is probably clearest.
2024-10-03 12:03:34 -07:00
10 changed files with 26 additions and 25 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    kamal (2.1.2)
+    kamal (2.1.1)
      activesupport (>= 7.0)
      base64 (~> 0.2)
      bcrypt_pbkdf (~> 1.0)
--- a/lib/kamal/cli/main.rb
+++ b/lib/kamal/cli/main.rb
@@ -135,7 +135,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
    puts "No documentation found for #{section}"
  end

-  desc "init", "Create config stub in config/deploy.yml and secrets stub in .kamal"
+  desc "init", "Create config stub in config/deploy.yml and env stub in .env"
  option :bundle, type: :boolean, default: false, desc: "Add Kamal to the Gemfile and create a bin/kamal binstub"
  def init
    require "fileutils"
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -14,9 +14,8 @@ servers:
  #   cmd: bin/jobs

 # Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server).
-# If using something like Cloudflare, it is recommended to set encryption mode 
-# in Cloudflare's SSL/TLS setting to "Full" to enable end-to-end encryption. 
-proxy: 
+# Set ssl: false if using something like Cloudflare to terminate SSL (but keep host!).
+proxy:
  ssl: true
  host: app.example.com
  # kamal-proxy connects to your container over port 80, use `app_port` to specify a different port.
--- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
+++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
@@ -1,3 +1,13 @@
-#!/bin/sh
+#!/usr/bin/env ruby

-echo "Docker set up on $KAMAL_HOSTS..."
+# A sample docker-setup hook
+#
+# Sets up a Docker network on defined hosts which can then be used by the application’s containers
+
+hosts = ENV["KAMAL_HOSTS"].split(",")
+
+hosts.each do |ip|
+  destination = "root@#{ip}"
+  puts "Creating a Docker network \"kamal\" on #{destination}"
+  `ssh #{destination} docker network create kamal`
+end
--- a/lib/kamal/configuration/docs/ssh.yml
+++ b/lib/kamal/configuration/docs/ssh.yml
@@ -29,8 +29,8 @@ ssh:

  # Proxy host
  #
-  # Specified in the form <host> or <user>@<host>:
-  proxy: root@proxy-host
+  # Specified in the form <host> or <user>@<host>
+  proxy: proxy-host

  # Proxy command
  #
--- a/lib/kamal/configuration/proxy.rb
+++ b/lib/kamal/configuration/proxy.rb
@@ -29,7 +29,7 @@ class Kamal::Configuration::Proxy
  def deploy_options
    {
      host: hosts,
-      tls: proxy_config["ssl"].presence,
+      tls: proxy_config["ssl"],
      "deploy-timeout": seconds_duration(config.deploy_timeout),
      "drain-timeout": seconds_duration(config.drain_timeout),
      "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),
--- a/lib/kamal/configuration/ssh.rb
+++ b/lib/kamal/configuration/ssh.rb
@@ -19,9 +19,9 @@ class Kamal::Configuration::Ssh
  end

  def proxy
-    if (proxy = ssh_config["proxy"])
-      Net::SSH::Proxy::Jump.new(proxy.include?("@") ? proxy : "root@#{proxy}")
-    elsif (proxy_command = ssh_config["proxy_command"])
+    if proxy = ssh_config["proxy"]
+      Net::SSH::Proxy::Jump.new(proxy)
+    elsif proxy_command = ssh_config["proxy_command"]
      Net::SSH::Proxy::Command.new(proxy_command)
    end
  end
--- a/lib/kamal/version.rb
+++ b/lib/kamal/version.rb
@@ -1,3 +1,3 @@
 module Kamal
-  VERSION = "2.1.2"
+  VERSION = "2.1.1"
 end
--- a/test/commands/app_test.rb
+++ b/test/commands/app_test.rb
@@ -135,14 +135,6 @@ class CommandsAppTest < ActiveSupport::TestCase
      new_command.deploy(target: "172.1.0.2").join(" ")
  end

-  test "deploy with SSL false" do
-    @config[:proxy] = { "ssl" => false }
-
-    assert_equal \
-      "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"172.1.0.2:80\" --deploy-timeout=\"30s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"",
-      new_command.deploy(target: "172.1.0.2").join(" ")
-  end
-
  test "remove" do
    assert_equal \
      "docker exec kamal-proxy kamal-proxy remove app-web",
@@ -302,7 +294,7 @@ class CommandsAppTest < ActiveSupport::TestCase

  test "run over ssh with proxy" do
    @config[:ssh] = { "proxy" => "2.2.2.2" }
-    assert_equal "ssh -J root@2.2.2.2 -t root@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1")
+    assert_equal "ssh -J 2.2.2.2 -t root@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1")
  end

  test "run over ssh with proxy user" do
@@ -312,7 +304,7 @@ class CommandsAppTest < ActiveSupport::TestCase

  test "run over ssh with custom user with proxy" do
    @config[:ssh] = { "user" => "app", "proxy" => "2.2.2.2" }
-    assert_equal "ssh -J root@2.2.2.2 -t app@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1")
+    assert_equal "ssh -J 2.2.2.2 -t app@1.1.1.1 -p 22 'ls'", new_command.run_over_ssh("ls", host: "1.1.1.1")
  end

  test "run over ssh with proxy_command" do
--- a/test/configuration/ssh_test.rb
+++ b/test/configuration/ssh_test.rb
@@ -30,7 +30,7 @@ class ConfigurationSshTest < ActiveSupport::TestCase

  test "ssh options with proxy host" do
    config = Kamal::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "proxy" => "1.2.3.4" }) })
-    assert_equal "root@1.2.3.4", config.ssh.options[:proxy].jump_proxies
+    assert_equal "1.2.3.4", config.ssh.options[:proxy].jump_proxies
  end

  test "ssh options with proxy host and user" do